title: Status Update July 2022
date: 2022-08-02 13:00
tags: status update
summary: Status Update
---

So I recently bought a guix system server! It cost me about $250. It’s got 16GB
of RAM (I can upgrade to 32GB) with a 4TB hard drive. I may play with RAID at
some point, but that’s a little down the line. If you want some help getting
something like this for yourself, please contact me. This blog post is my first
attempt at trying to figure out how to connect `copertino` to the
internet. Now on with the blog post!

So when you are like me, and you start to wonder how the internets work, a good
thing to learn first is the difference between **WAN** and **LAN**. LAN is your
local area network. When you are at home, on your computer, you are on your LAN.
If your computer talks to another computer in your house, then those machines
are using the LAN. When your computer talks to `www.gnu.org`, your computer is
accessing the WAN, which is the wide area network, usually called the internet.

Computers talk to each other via IP addresses. An IP address is a numerical ID
that is unique to each computer. Computers use IP addresses essentially as phone
numbers to reach out and say, “Hey what time are we having this binary number
crunching date?” What’s interesting is that computers have more than just a
phone number: they have a phone number plus several extensions.

When you call a business, and they say, “Thanks for calling Bank of Scotland.
Please press 5 to talk to a manager, 4 to talk to a sales person, and 3 to open
an account. Thanks!” 5, 4, and 3 are extensions. Computers have the same
thing, on steroids. They call the extensions ports, and there are like 50,000+
ports. Ports are usually set up to be used by specific applications. For
example, your web browser uses ports 80 and 443 to visit websites.

Here’s a crazy example.

    ping -c 1 gnu.org

    PING gnu.org (209.51.188.116): 56 data bytes
    64 bytes from 209.51.188.116: icmp_seq=0 ttl=55 time=39.078 ms
    --- gnu.org ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 39.078/39.078/39.078/0.000 ms

So, we now know that gnu.org is serving its website on 209.51.188.116. Try
pasting this into a web browser’s URL bar: 209.51.188.116. You’ll end up at
savannah.nongnu.org, which is a website that the fabulous people at GNU run.

Anyway, let’s take a look at your IP address:

    ip address show

    1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope global lo
           valid_lft forever preferred_lft forever
    2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:1c:25:9a:37:ba brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.122/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
           valid_lft 22986sec preferred_lft 22986sec
        inet6 fe80::36a7:f91e:a1e0:16fe/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
    3: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether b6:cf:27:17:7c:fc brd ff:ff:ff:ff:ff:ff permaddr e4:ce:8f:59:d6:bf

Let’s take the above output line by line:

    1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet *127.0.0.1/8* scope global lo
           valid_lft forever preferred_lft forever

lo is your loopback device, which is fancy talk for "ME". The emboldened
**127.0.0.1** is a universal alias for "ME". If you have a web site running on
your computer, typing in 127.0.0.1:80 lets you access that website. 127.0.0.1:80
means, talk to the computer at address 127.0.0.1 (which is me), and request the
content on port 80.

    2: *enp0s25*: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:1c:25:9a:37:ba brd ff:ff:ff:ff:ff:ff
        *inet* *192.168.1.122/24* brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
           valid_lft 22986sec preferred_lft 22986sec
        *inet6* *fe80::36a7:f91e:a1e0:16fe/64* scope link noprefixroute
           valid_lft forever preferred_lft forever

**enp0s25** is your ethernet device. Anything that begins with an 'e' is usually
an ethernet device. Ethernet is usually the blue cable that you plug into your
laptop or server. Laptops increasingly do not have ethernet, which is sad 'cause
ethernet is faster than wifi.

**inet** means IPv4. Remember when I said that computers have IP addresses? Well,
they have one that looks like **192.168.1.122**. That is the IPv4 address. People
nowadays have phones, tablets, gaming consoles, smart watches, etc. and each
needs an IP address. As a result, the IPv4 address space is getting a little
crowded. So some smart people introduced IPv6, which has many more unique IDs.
(Keep reading to see an example IPv6 address).

Unfortunately for me, an IP address of 192.168.number.number is a LAN IP. That
means I have to be in my house to view my personal website. I cannot view that
website at work. :(

**inet6** is IPv6. And **fe80::36a7:f91e:a1e0:16fe** is this computer's IPv6
address. An address beginning with fe80 is also a LAN-only (link-local) IPv6
address. The outside world cannot use that address to talk to this local
computer.

    3: *wlp2s0*: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether b6:cf:27:17:7c:fc brd ff:ff:ff:ff:ff:ff permaddr e4:ce:8f:59:d6:bf

This is my wifi device. Anything that begins with a 'w' is usually a wifi device.
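The walkthrough above sorts addresses into "me only", "LAN only" and "the whole internet". As an added example (not part of the original post), this Python script parses `ip address show` output and labels every address that way with the standard `ipaddress` module; the helper names `reach` and `classify` and the trimmed sample text are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: the `ip address show` output from this post, trimmed
# to the interface headers and their inet/inet6 lines.
SAMPLE = """\
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 state UNKNOWN
    inet 127.0.0.1/8 scope global lo
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 192.168.1.122/24 brd 192.168.1.255 scope global dynamic enp0s25
    inet6 fe80::36a7:f91e:a1e0:16fe/64 scope link noprefixroute
3: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 state DOWN
    link/ether b6:cf:27:17:7c:fc brd ff:ff:ff:ff:ff:ff
"""

IFACE = re.compile(r"^\d+:\s+([^:@\s]+)")   # "2: enp0s25: <...>"
ADDR = re.compile(r"^\s+(inet6?)\s+(\S+)")  # "    inet 192.168.1.122/24 ..."

def reach(ip):
    """Who can reach a service bound to this address? Order matters:
    Python also reports loopback and link-local addresses as private."""
    if ip.is_loopback:
        return "this machine only"
    if ip.is_link_local:
        return "same network link only"
    if ip.is_private:
        return "LAN only, unless the router forwards a port to it"
    if ip.is_global:
        return "reachable from the WAN"
    return "special-purpose range"

def classify(text):
    """Return (interface, family, address, reach) for each address listed."""
    rows, iface = [], None
    for line in text.splitlines():
        if (m := IFACE.match(line)):
            iface = m.group(1)
        elif (m := ADDR.match(line)) and iface:
            ip = ipaddress.ip_interface(m.group(2)).ip
            family = "IPv4" if m.group(1) == "inet" else "IPv6"
            rows.append((iface, family, str(ip), reach(ip)))
    return rows

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print("{:8} {:5} {:26} {}".format(*row))
```

Run against real output, any row labelled "reachable from the WAN" is an address where listening services are exposed without a router in between.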

    ip route

    default via 192.168.1.1 dev enp0s25 proto dhcp metric 100
    192.168.1.0/24 dev enp0s25 proto kernel scope link src 192.168.1.122 metric 100

The number after **default** is the default gateway. That is my router’s LAN IP
address. If I type that into a web browser, when I am at home, then I can log
into my router. Usually your router’s username and password are on a sticker on
the back of your router.

Also, it should be possible for me to log into the router and tell it to open up
ports 80 and 443 (http and https), so that anyone connecting to say
`www.copertino.me` would be connecting to my computer only, AND NOT my
roommates’ laptop. However, an attacker could still potentially break into my
guix system computer, and attack my roommate’s computer.

Also, if you decide to play around with customizing your router, I would
recommend OpenBSD. OpenBSD potentially has some binary blobs for wifi, which is
why the [FSF](https://www.gnu.org/distros/free-distros.en.html) will not endorse it as a free distro. But if you don’t use wifi,
then there are no software freedom issues. Anyway, I have recently developed
quite the crush on OpenBSD, and I found this [guide](https://openbsdrouterguide.net/) that helps you use OpenBSD
for your router. It’s actually quite comprehensive:

> In this guide we’re going to take a look at how we can use cheap and “low end”
> hardware to build an amazing OpenBSD router with firewalling capabilities,
> segmented local area networks, DNS with domain blocking, DHCP and more.
> 
> We will use a setup in which the router segments the local area network (LAN)
> into three separate networks, one for the grown-ups in the house, one for the
> children, and one for public facing servers (a DMZ), such as a private web
> server or mail server. We will also look at how we can use DNS to block out ads,
> porn, and other websites on the Internet. The OpenBSD router can also be used on
> small to mid-size offices.


